cleantalk
Vulnerabilities and Security Researches

Image Widget, CVE-2026-42643

CVE, Research URL

CVE-2026-42643

Home page URL

Security reports for Image Widget

Application

Image Widget

Published on
Apr 29, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through <= 4.4.11.
Affected versions
max 4.4.12.
Status
vulnerable
Previous vulnerability researches
Autoptimize (CVE-2026-2430) , Apr 14, 2026
Autoptimize (CVE-2026-2352) , Apr 14, 2026
Autoptimize (CVE-2025-13401) , Jan 09, 2026
Autoptimize (CVE-2021-24332) , Jun 07, 2024
Autoptimize (CVE-2020-24948) , Jun 07, 2024
New vulnerability
Image Widget (CVE-2026-42643) , May 01, 2026
Five Star Restaurant Reservations &#8211; WordPress Booking Plugin (CVE-2026-6498) , May 01, 2026
WordPress Tag and Category Manager &#8211; AI Autotagger (CVE-2026-42646) , May 01, 2026
GiveWP &#8211; Donation Plugin and Fundraising Platform (CVE-2026-42642) , May 01, 2026
Spectra &#8211; WordPress Gutenberg Blocks (CVE-2026-42648) , May 01, 2026